Services

At Xipiter our philosophy is simple: "To break software you need to know how to make software. To break hardware you need to know how to make hardware."

We are a full-service software and hardware security firm. We make and break software and hardware: from webapps to firmware. Here is how we have bundled services to other firms in the past. Contact Us to learn how we can help you!

Software (application) Security:

Software security is a many-splendored thing. Xipiter staff has experience not only securing but also developing full-stack applications of all kinds, from big financial high-frequency trading applications to the tiny ones embedded in small devices. We can help you audit and secure yours. Xipiter performs some of these services:

Hardware Security:

We've helped large manufacturers of set-top boxes, entertainment systems, gaming systems, mobile phones, Point-Of-Sales systems, and Utilities to secure their embedded applications (and related infrastructure). We've trained teams at large semiconductor manufacturers on embedded security issues and we've spoken about these issues all around the world. We can not only reverse engineer and audit hardware, we can even manufacture our own to demonstrate vulnerability or provide Proof-Of-Concept remediation. Services include but are not limited to:

* All hardware prototypes are handled with extreme care including but not limited to: storage in FF-L-2740A DoD certified GSA containers.

Security Architecture & risk assessment:

Did you already build it and now you want to learn more about how to secure it?

Xipiter can help with understanding the risks to applications and infrastructure and help build plans for how you can move forward. Xipiter staff has experience building information security practices (at technology companies and startups) from the ground up so we know how to communicate the highly technical security issues that have business impact, succinctly. We've not only had to secure infrastructure and applications, but we've also been (and are currently) developers ourselves, so we understand the need to just "get it done and out the door". We'll help you circle back around to build a plan to secure your applications or infrastructure. Services include but are not limited to:

Mobile application security:

These days, virtually everyone has a "mobile" component. At Xipiter we have unique expertise in this area. Xipiter staff have given many international talks and trainings on mobile device security issues. We've spoken at the world's leading information security conferences (as well as other venues such as the largest mobile semiconductor expos) on these very issues. We've even co-authored books on this very subject. So we can help you secure your mobile apps! Xipiter Mobile Application Services include but are not limited to:

Code Auditing (Android, Windows Mobile, iOS)

PII Risk Assessments (Personal Information)

Mobile Application Reverse Engineering

Cryptographic implementations (both on device and "in flight")

Additionally, Xipiter can help you to secure where your mobile application meets your business logic and backend infrastructure. We can help you implement security from down on the device up through the backend, or just test what you've currently tried to implement.

Tool development:

Do you need a security tool written? Or perhaps you need someone to develop or implement the "security" parts of your application (SSL, crypto implementation, secure session management, anti-reverse engineering or IP/business logic hiding)? Xipiter can help you with that.

A common misconception about "security researchers" is that they don't do much development. The reality, however, is that most "security research" is merely custom application development. From code audits to "unit testing", fuzzing, and exploitation, good security researchers are "developers" first. At Xipiter we've spent most of our careers doing tool development (some of us even as developers on non-security applications) so we can help you or your developers to write and implement the "security" bits of your code in web applications, desktop programs, and mobile applications. Services include but are not limited to:

Exploit development

Fuzzing and unit testing

Anti-reverse engineering or code obfuscation

Privilege separation or Sandbox integration

Cryptography implementation and integration (SSL et al)

DRM implementations and integration

Xipiter has performed these services (mostly as a "remediation" service) for embedded system manufacturers, large software companies, and mobile application developers.

*All hardware and forensic evidence is handled with extreme care including but not limited to: storage in FF-L-2740A DoD certified GSA containers.

Some of our clients

We take our client confidentiality very seriously. In fact, we prefer to be discreet (which is why we operated without a public site for most of our existence). But for prospective customers, here are a few of our clients that have graciously allowed us to list them.